Dumping the data – in an error-based scenario

Let's go back to the previously discussed example, and now we shall exploit the vulnerability using the error-based technique of SQLMap to list the database user and list of databases as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --current-user

The output is shown in the following screenshot:

Dumping the data – in an error-based scenario

Impressive! The current database user pointed out by SQLMap is root.

Now let us print the list of databases present using --dbs switch as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --dbs

The output is shown in the following screenshot:

Once we have the list of databases available, it may be ...

Get Mastering Modern Web Penetration Testing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.